[Catalyst] Check session expiry without extending it

Alexander Hartmaier alexander.hartmaier at t-systems.at
Thu Mar 4 17:33:13 GMT 2010


My solution is to return an error message which includes the link to the
login form with Catalyst::Controller::DBIC::API.
My ExtJS store class has an exception handler that shows a MessageBox
with the error text:

exception:function(sender, type, action, options, response, arg) {
    switch (type) {
        case 'remote':
            var errortext = 'server error occurred';
            if (response.raw.errors.generic) {
                errortext = response.raw.errors.generic.join('<br />');
            }
            Ext.Msg.alert('Error', errortext);
            break;
        case 'response':
            if (response.isTimeout) {
                Ext.Msg.alert('Error', 'the request timed out');
            }
            else {
                Ext.Msg.alert('Error', response.statusText);
            }
            break;
        // that should never happen according to extjs docs
        default:
            Ext.Msg.alert('Error', 'unknown error occurred');
            break;
    }
}

--
Best regards, Alex


On Thursday, 04.03.2010, at 16:05 +0100, Peter Karman wrote:
> Bill Moseley wrote on 03/04/2010 08:39 AM:
>
> > The developer explained that the AJAX session check was needed to
> > prevent a user from making a lot of changes in the client that could not
> > be saved due to an expired session.  Not sure I see the logic there.
>
> I've been solving that session-has-expired-so-ajax-call-fails problem by
> having a global listener on my ajax class that checks whether the
> session cookie has expired before every xhr request. I'm not completely
> happy with how this works (it feels kludgy; it assumes the cookie
> expiration time == session expiration time; and it relies on an alert()
> to halt the browser's progress (effectively making an async call
> synchronous)), but so far it's the most effective way I've found of
> preventing user meltdown when their carefully crafted request will be
> lost because the session has expired on the server end.
>
> // make sure we are logged in before every xhr request
> Ext.Ajax.on('beforerequest', function(conn, opts) {
>     if (!AIR.Auth.isAuthenticated()) {
>         AIR.Auth.login();
>         return false;
>     }
>     return true;
> });
>
> // get session cookie. Returns false if the cookie is expired.
> AIR.Auth.isAuthenticated = function() {
>     var auth_tkt = Ext.util.Cookies.get('auth_tkt');
>     return auth_tkt;
> }
>
> // spawn a popup window to the login page, halting the browser's
> // XHR call with an alert()
> AIR.Auth.login = function() {
>     // open a popup panel
>     var winOpts =
> 'height=400,width=400,resizable=yes,scrollbars=yes,menubar=yes';
>
>     // the closeWindow param tells the login script to generate
>     // local page js on success that will close the popup window.
>     var url = 'https://my.sso.url/login?back=closeWindow';
>     AIR.Auth.window = window.open(url,'login-window',winOpts);
>     if (window.focus) {
>         AIR.Auth.window.focus();
>     }
>
>     // the alert is necessary to keep the browser from proceeding
>     // with whatever request it was making.
>     alert("Your session has expired. Login again and then click Ok.");
>
> }
>
>
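
The thread's underlying problem, as an added example that is not code from either poster: a server-side session check that reports the remaining lifetime without sliding the expiry, next to the normal request path that does slide it. SessionStore, handle, the /session/status path and the 30-minute timeout are hypothetical names and values; the error body is loosely modelled on the errors.generic array the exception handler above reads.

```javascript
// Added example: in-memory session store with a sliding idle timeout.
const TTL_MS = 30 * 60 * 1000; // assumed 30-minute idle timeout

class SessionStore {
  constructor(now = Date.now) {
    this.now = now;            // injectable clock so the logic is testable
    this.sessions = new Map(); // session id -> absolute expiry time (ms)
  }
  create(id) {
    this.sessions.set(id, this.now() + TTL_MS);
  }
  // Status-check path: reports time left, never writes a new expiry.
  remaining(id) {
    const exp = this.sessions.get(id);
    if (exp === undefined) return 0;
    if (exp <= this.now()) {
      this.sessions.delete(id); // expired: drop the server-side state
      return 0;
    }
    return exp - this.now();
  }
  // Normal request path: validates the session AND slides its expiry.
  touch(id) {
    if (this.remaining(id) === 0) return false;
    this.sessions.set(id, this.now() + TTL_MS);
    return true;
  }
}

// Dispatch: the polling endpoint must bypass touch(); otherwise a page left
// open in a browser tab keeps the session alive and the idle timeout never fires.
function handle(store, sessionId, path) {
  if (path === '/session/status') {
    const ms = store.remaining(sessionId);
    return { status: 200, body: { authenticated: ms > 0, expiresInMs: ms } };
  }
  if (!store.touch(sessionId)) {
    return { status: 401,
             body: { errors: { generic: ['Session expired. Please log in again.'] } } };
  }
  return { status: 200, body: { ok: true } };
}
```

Because the expiry is read from the server's own record, the client does not have to assume that cookie lifetime equals session lifetime.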

